A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights. Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25239 Reference (s):
- https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdf
- URL: https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdf